Package com.sun.jna.platform.win32

Examples of com.sun.jna.platform.win32.WinUser$MSG


            }
            int dwRead = pnBytesRead.getValue();
            Pointer pevlr = buffer;
            int maxRecords = 3;
            while (dwRead > 0 && maxRecords-- > 0) {
                EVENTLOGRECORD record = new EVENTLOGRECORD(pevlr);
                /*
                  System.out.println(record.RecordNumber.intValue()
                  + " Event ID: " + record.EventID.intValue()
                  + " Event Type: " + record.EventType.intValue()
                  + " Event Source: " + pevlr.getString(record.size(), true));


   * @return the process
   */
  public static Process getProcess(int pid)
  {
    WindowsXPProcess result = new WindowsXPProcess();
    HANDLE hProcess = MyKernel32.INSTANCE.OpenProcess(MyKernel32.PROCESS_ALL_ACCESS, false, pid);
    if (hProcess == null)
      hProcess = MyKernel32.INSTANCE.OpenProcess(MyKernel32.PROCESS_QUERY_INFORMATION, false, pid);
    if (hProcess == null)
      return null;

    result._pid = pid;
    result._processInformation = new PROCESS_INFORMATION();
    result._processInformation.dwProcessId = pid;
    result._processInformation.hProcess = hProcess;
    result._cmd = result.getCommandLineInternal();
    // this does not always work (why ??), if so try again, then this
    // normally does
    // on win64 PEB of 64 bit cannot be accessed from wow -> use wmi
    if (result._cmd.equals("?"))
      result._cmd = result.getCommandLineInternalWMI();
    if ("?".equals(result._cmd))
    {
      System.err.println("Could not get commandline");
    }
    else
      System.out.println("Command line of " + pid + ": " + result._cmd);
    PointerByReference hToken = new PointerByReference();
    HANDLE hp = new HANDLE();
    hp.setPointer(hProcess.getPointer());
    if (MyAdvapi.INSTANCE.OpenProcessToken(hp, MyAdvapi.TOKEN_READ, hToken))
    {
      IntByReference dwSize = new IntByReference();
      MyAdvapi.INSTANCE.GetTokenInformation(hToken.getValue(), MyAdvapi.TokenUser, null, 0, dwSize);
      {

   */
  public static boolean kill(int pid, int code)
  {
    if (pid <= 0)
      return false;
    HANDLE hProcess = MyKernel32.INSTANCE.OpenProcess(MyKernel32.PROCESS_TERMINATE, false, pid);
    boolean result = MyKernel32.INSTANCE.TerminateProcess(hProcess, code);
    Thread.yield();
    if (!result)
      System.out.println("process kill failed: " + pid + " code=" + code);
    MyKernel32.INSTANCE.CloseHandle(hProcess);

    String result = "?";
    PROCESS_BASIC_INFORMATION pbi = null;

    pbi = new PROCESS_BASIC_INFORMATION();
    IntByReference returnLength = new IntByReference();
    HANDLE hProcess = _processInformation.hProcess;
    int pbiSize = pbi.size(); // x64 = 48 bytes, x32 = 24
    int ret = Ntdll.INSTANCE.ZwQueryInformationProcess(hProcess, (byte) 0, pbi.getPointer(), pbiSize, returnLength);
    if (ret == 0)
    {
      pbi.read();
      if (pbi.PebBaseAddress != null)
      {
        PEB peb = new PEB();
        // System.out.println(""+1);
        if (readVirtualMemoryToStructure(pbi.PebBaseAddress, peb))
          if (peb.ProcessParameters != null)
          {
            RTL_USER_PROCESS_PARAMETERS userParams = new RTL_USER_PROCESS_PARAMETERS();
            int userParamsSize = userParams.size(); //x32 = 784, x64 = 1264
            // System.out.println(""+2);
            if (readVirtualMemoryToStructure(peb.ProcessParameters, userParams))
            {
              // System.out.println("MaximumLength "+userParams.CommandLine.MaximumLength);
              if (userParams.CommandLine.MaximumLength > 0)
              {
                Memory stringBuffer = new Memory(userParams.CommandLine.MaximumLength);
                // System.out.println(""+3);
                if (readVirtualMemoryToMemory(userParams.CommandLine.Buffer, stringBuffer))
                  result = stringBuffer.getString(0, true);
              }         
             
              if (userParams.CurrentDirectoryPath.MaximumLength > 0)
              {
                Memory stringBuffer = new Memory(userParams.CurrentDirectoryPath.MaximumLength);
                if (readVirtualMemoryToMemory(userParams.CurrentDirectoryPath.Buffer, stringBuffer))
                  _workingDir = stringBuffer.getString(0, true);
              }
              if (userParams.WindowTitle.MaximumLength > 0)
              {
                Memory stringBuffer = new Memory(userParams.WindowTitle.MaximumLength);
                if (readVirtualMemoryToMemory(userParams.WindowTitle.Buffer, stringBuffer))
                  _title = stringBuffer.getString(0, true);
              }
              if (userParams.Environment != null)
              {
                // get size of environment strings
                MEMORY_BASIC_INFORMATION memInfo = new MEMORY_BASIC_INFORMATION();
                int memInfoSize = memInfo.size(); //x64 = 48, x32 = 28
                int bytesRead = MyKernel32.INSTANCE.VirtualQueryEx(hProcess.getPointer(), userParams.Environment, memInfo.getPointer(),
                    memInfoSize);
                memInfo.read();
                if (bytesRead == 0)
                {
                  _logger.warning("error getting environment in VirtualQueryEx " + Native.getLastError());

    String result = "?";
    PROCESS_BASIC_INFORMATION pbi = null;

    pbi = new PROCESS_BASIC_INFORMATION();
    IntByReference returnLength = new IntByReference();
    HANDLE hProcess = _processInformation.hProcess;
    int size = pbi.size();
    int ret = Ntdll.INSTANCE.ZwQueryInformationProcess(hProcess, (byte) 0, pbi.getPointer(), size, returnLength);
    if (ret == 0)
    {
      pbi.read();

      assertTrue(W32Errors.ERROR_SUCCESS != Kernel32.INSTANCE.GetLastError());
    }
   
    /**
     * Verifies the failure path of {@code OpenThreadToken}: requesting
     * {@code TOKEN_READ} on the current thread's token is expected to return
     * {@code false} and leave {@code ERROR_NO_TOKEN} as the last error.
     */
    public void testOpenThreadTokenNoToken() {
      HANDLE currentThread = Kernel32.INSTANCE.GetCurrentThread();
      assertNotNull(currentThread);

      HANDLEByReference tokenRef = new HANDLEByReference();
      boolean opened = Advapi32.INSTANCE.OpenThreadToken(
          currentThread, WinNT.TOKEN_READ, false, tokenRef);
      assertFalse(opened);

      // The error code is read straight after the failed call, with no other
      // native call in between, so it still belongs to OpenThreadToken.
      int lastError = Kernel32.INSTANCE.GetLastError();
      assertEquals(W32Errors.ERROR_NO_TOKEN, lastError);
    }

      assertEquals(W32Errors.ERROR_NO_TOKEN, Kernel32.INSTANCE.GetLastError());
    }
   
    /**
     * Opens the access token of the current process with
     * {@code TOKEN_DUPLICATE | TOKEN_QUERY} and checks that both the open and
     * the subsequent close of the token handle succeed.
     */
    public void testOpenProcessToken() {
      HANDLE currentProcess = Kernel32.INSTANCE.GetCurrentProcess();
      HANDLEByReference tokenRef = new HANDLEByReference();

      // Only the rights to query and duplicate the token are requested.
      int desiredAccess = WinNT.TOKEN_DUPLICATE | WinNT.TOKEN_QUERY;
      boolean opened = Advapi32.INSTANCE.OpenProcessToken(
          currentProcess, desiredAccess, tokenRef);
      assertTrue(opened);

      // Release the token handle that OpenProcessToken returned.
      boolean closed = Kernel32.INSTANCE.CloseHandle(tokenRef.getValue());
      assertTrue(closed);
    }

      assertTrue(Kernel32.INSTANCE.CloseHandle(phToken.getValue()));     
    }
   
    /**
     * Exercises the thread-token-then-process-token fallback: the thread token
     * is tried first, and if that fails the failure must be
     * {@code ERROR_NO_TOKEN}, after which the process token is opened instead.
     * Whichever token was obtained is closed at the end.
     */
    public void testOpenThreadOrProcessToken() {
      // The same access mask is requested on both paths.
      int desiredAccess = WinNT.TOKEN_DUPLICATE | WinNT.TOKEN_QUERY;
      HANDLEByReference tokenRef = new HANDLEByReference();
      HANDLE currentThread = Kernel32.INSTANCE.GetCurrentThread();

      boolean threadTokenOpened = Advapi32.INSTANCE.OpenThreadToken(
          currentThread, desiredAccess, true, tokenRef);
      if (!threadTokenOpened) {
          // Any failure other than "no token on this thread" fails the test.
          int lastError = Kernel32.INSTANCE.GetLastError();
          assertEquals(W32Errors.ERROR_NO_TOKEN, lastError);

          HANDLE currentProcess = Kernel32.INSTANCE.GetCurrentProcess();
          boolean processTokenOpened = Advapi32.INSTANCE.OpenProcessToken(
              currentProcess, desiredAccess, tokenRef);
          assertTrue(processTokenOpened);
      }

      // Release the token handle from whichever call succeeded.
      boolean closed = Kernel32.INSTANCE.CloseHandle(tokenRef.getValue());
      assertTrue(closed);
    }

    }
   
    public void testDuplicateToken() {
      HANDLEByReference phToken = new HANDLEByReference();
      HANDLEByReference phTokenDup = new HANDLEByReference();
      HANDLE processHandle = Kernel32.INSTANCE.GetCurrentProcess();
        assertTrue(Advapi32.INSTANCE.OpenProcessToken(processHandle,
            WinNT.TOKEN_DUPLICATE | WinNT.TOKEN_QUERY, phToken));
        assertTrue(Advapi32.INSTANCE.DuplicateToken(phToken.getValue(),
            WinNT.SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation, phTokenDup));
      assertTrue(Kernel32.INSTANCE.CloseHandle(phTokenDup.getValue()));

    }
   
    public void testDuplicateTokenEx() {
      HANDLEByReference hExistingToken = new HANDLEByReference();
      HANDLEByReference phNewToken = new HANDLEByReference();
      HANDLE processHandle = Kernel32.INSTANCE.GetCurrentProcess();
      assertTrue(Advapi32.INSTANCE.OpenProcessToken(processHandle,
          WinNT.TOKEN_DUPLICATE | WinNT.TOKEN_QUERY, hExistingToken));
      assertTrue(Advapi32.INSTANCE.DuplicateTokenEx(hExistingToken.getValue(),
          WinNT.GENERIC_READ, null, SECURITY_IMPERSONATION_LEVEL.SecurityAnonymous,
          TOKEN_TYPE.TokenPrimary, phNewToken));
